INTER-AUTONOMOUS SYSTEM
MPLS VPN: CONFIGURATION AND
TROUBLESHOOTING
DECEMBER 2003
MPLS VPN Inter-AS,
12/03
© 2003 Cisco Systems, Inc. All rights reserved.
Agenda
• Troubleshooting Commands
• Inter-AS Case Study
• Inter-AS Summary
BASIC TROUBLESHOOTING
COMMANDS
Troubleshooting Commands
• Check VRF routing table
show ip route vrf <vrf name>
Check the imported route and associated NH address
• Check BGP VPNv4 table
show ip bgp vpnv4 all
Check routes associated with an RD
• Check CEF table
show ip cef vrf <vrf name>
Entries for the imported prefixes from a neighbor
• Check TFIB table
show tag forwarding
CASE STUDY
Inter-AS Case Study Agenda
• Introduction
• Configuration Analysis
• Backup path check
• Load Balancing VPNv4 prefixes across the Inter-AS
paths
• Inter-AS Design Considerations
• Inter-AS Configurations
Introduction
• Case study scenario
• Setup
• Inter-AS VPN Distribution Methods
Next-Hop-Self Method
Redistribute Connected Subnet Method
Label Switch Path – Next-Hop-Self
Label Switch Path – Redistribute Connected Subnets
Case Study Scenario
• Two separate MPLS VPN networks (AS200 and AS300)
that distribute VPN routes between each other
• Two Inter-AS (eBGP) connections: primary and
backup paths
VPN traffic will normally travel over the primary Inter-AS path
and switch over to the backup path in the event of a failure
• Four VRFs used in this example:
AS300: VRF green and emerald sites
AS200: VRF red and pink
Topology
[Figure: VPNv4 Route Distribution between AS’s]
• AS 300 (PE-300): vrf green 30.1.1.0; vrf emerald 31.1.1.0
• AS 200 (PE-200): vrf red 20.1.1.0, 20.2.1.0 *; vrf pink 21.1.1.0, 21.2.1.0
Route with * disallowed from crossing AS (does not hold RT 200:777)
• Primary eBGP path: ASBR-A300 to ASBR-A200
ASBR-A300: Accept all routes; Redistribute connected subnets; Set MED = 50
ASBR-A200: Only accept routes with RT = 200:777; Set next-hop = self; Set MED = 50
• Backup eBGP path: ASBR-B300 to ASBR-B200
ASBR-B300: Accept all routes; Redistribute connected subnets; Set MED = 100
ASBR-B200: Only accept routes with RT = 200:777; Set next-hop = self; Set MED = 100
IP Addressing for the Topology
AS 300
• PE-300: LO0 156.50.10.3/32; LO10 30.1.1.1/24 (vrf green); LO11 31.1.1.1/24 (vrf emerald); FA4/0 3.3.3.6/30
• ASBR-B300: LO0 156.50.10.2/32; FA0/0 3.3.3.5/30; POS4/0 1.1.1.6/30; ATM1/0 3.3.3.2/30
• ASBR-A300: LO0 156.50.10.1/32; POS8/0/0 1.1.1.2/30; ATM8/1/0 3.3.3.1/30
AS 200
• PE-200: LO0 166.50.10.3/32; LO10 20.1.1.1/24 (vrf red); LO11 21.1.1.1/24 (vrf pink); FA4/0 2.2.2.6/30
• ASBR-B200: LO0 166.50.10.2/32; FA0/0 2.2.2.5/30; POS4/0 1.1.1.5/30; ATM1/0 2.2.2.2/30
• ASBR-A200: LO0 166.50.10.1/32; POS1/0/0 1.1.1.1/30; ATM1/1/0 2.2.2.1/30
Inter-AS Distribution Methods
• Next-hop-self Method
Changing next-hop to that of the local ASBR for all VPNv4 routes learned
from the other ASBR
BGP label and NH are changed by the receiving ASBR, which has
next-hop-self enabled
• Redistribute-Connected-Subnets
Redistributing the next hop address of the remote ASBR into the local IGP
using the redistribute connected subnets command
Example: BGP label and next hop are not changed when the VPNv4 routes
are redistributed into the local AS
• Both methods will be used in this case study. ASBRs in AS200
will change the NH to themselves. ASBRs in AS300 will use a host
route to the NH address of the ASBR in AS200.
Inter-AS Case Study Specifications
• AS 200 has three routers:
Primary ASBR: ASBR-A200
Using Next-Hop-Self Method on ASBR-200
Backup ASBR / P router: ASBR-B200
PE: PE-200; two VRFs, red and pink
• AS 300 has three routers:
Primary ASBR: ASBR-A300
Using Redistribute Connected subnets on ASBR-300
Backup ASBR / P router: ASBR-B300
PE: PE-300; two VRFs, green and emerald
Inter-AS Distribution:
Next-Hop-Self Method on Primary path
[Figure: advertisement of VPNv4 route 300:1:30.1.1.0 from PE-300 (AS 300) to PE-200 (AS 200) over the primary path, steps 1 to 5]
• In AS 300: Next-hop 156.50.10.3 (PE-300), BGP Label 161
• ASBR-A300 to ASBR-A200 (link 1.1.1.2 – 1.1.1.1): Next-hop 1.1.1.2 (ASBR-A300), BGP Label 164
• In AS 200: Next-hop 166.50.10.1 (ASBR-A200), BGP Label 23
Inter-AS Distribution:
Next-Hop-Self Method
Changing next-hop to that of the local ASBR for all VPNv4
routes learnt from the other ASBR. Sample config for ASBR-A200:
address-family vpnv4
neighbor 1.1.1.2 activate
neighbor 1.1.1.2 send-community extended
neighbor 1.1.1.2 route-map SETMETRIC out
! PE-200 peer
neighbor 166.50.10.3 activate
neighbor 166.50.10.3 next-hop-self
neighbor 166.50.10.3 send-community extended
neighbor 166.50.10.3 route-map INTER-AS in
exit-address-family
!
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
match ip address 1
set metric 50
!
route-map INTER-AS permit 10
match extcommunity 10
Inter-AS Distribution:
Redistribute Connected Subnet Method
• ASBRs in AS300 use the redistribute connected subnets method
to distribute VPNv4 routes
• BGP next-hop is not changed for remote VPNv4 routes and will
remain that of ASBR-A200, which is 1.1.1.1 (the interface address)
[Figure: advertisement of VPNv4 route 200:1:20.1.1.0 from PE-200 (AS 200) to PE-300 (AS 300), steps 1 to 5]
• In AS 200: Next-hop 166.50.10.3 (PE-200), BGP Label 29
• ASBR-A200 to ASBR-A300 (link 1.1.1.1 – 1.1.1.2): Next-hop 1.1.1.1 (ASBR-A200), BGP Label 20
• In AS 300: Next-hop 1.1.1.1 (ASBR-A200), BGP Label 20
Inter-AS Distribution:
Label Switch Path – Next-Hop-Self
[Figure: label switched path for 300:1:30.1.1.0 with next-hop-self, AS 200 to AS 300, steps 1 to 7]
• In AS 200: Next-hop 166.50.10.1 (ASBR-A200); BGP Label 23; IGP Label 16, then Pop
• ASBR-A200 to ASBR-A300 (link 1.1.1.1 – 1.1.1.2): Next-hop 1.1.1.2 (ASBR-A300); BGP Label 164
• In AS 300: Next-hop 156.50.10.3 (PE-300); BGP Label 161; IGP Label 162, then Pop
Inter-AS Distribution: Label Switch Path –
Redistribute Connected Subnets
[Figure: label switched path for 200:1:20.1.1.0 with redistribute connected subnets, AS 300 to AS 200, steps 1 to 7]
• In AS 300: Next-hop 1.1.1.1 (ASBR-A200); BGP Label 20; IGP Label 166, then 160, then Pop
• In AS 200: Next-hop 166.50.10.3 (PE-200); BGP Label 29; IGP Label 17, then Pop
Backup path check
• Under normal circumstances, all traffic between the
Autonomous Systems will travel along the primary eBGP
path, circuit addresses 1.1.1.1 – 1.1.1.2.
• This section verifies that the backup path works correctly
if the primary path fails
A simple test was executed with traffic originating from PE-300
traveling to PE-200
• Shut down the primary interface on AS200
Backup path is selected on PE-300
Backup path check:
Traceroute on the primary path
PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
1 3.3.3.5 4 msec 4 msec 0 msec
2 3.3.3.1 4 msec 4 msec 0 msec
3 1.1.1.1 4 msec 4 msec 0 msec <- ASBR-A200 primary
4 2.2.2.2 4 msec 0 msec 4 msec
5 20.1.1.1 0 msec * 0 msec
Backup path check: Traceroute
on the primary path (Cont.)
PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
1 3.3.3.5 0 msec 4 msec 0 msec
2 1.1.1.5 0 msec 0 msec 4 msec <- ASBR-B200 backup
3 20.1.1.1 0 msec * 0 msec
Load Balancing VPNv4 Prefixes
Across the Inter-AS Paths
• Overview
• ASBR 200 configurations
• PE-200 configuration
• PE-300 VPNv4 BGP Table
Load Balancing VPNv4 Prefixes
Across the Inter-AS Paths: Topology
[Figure: VPNv4 Route Distribution between AS’s]
• AS 300 (PE-300): vrf green 30.1.1.0; vrf emerald 31.1.1.0
• AS 200 (PE-200): vrf red 20.1.1.0, 20.2.1.0 *; vrf pink 21.1.1.0, 21.2.1.0
Route with * disallowed from crossing AS (does not hold RT 777:1 or RT 777:2)
• Gateway 1 (eBGP): ASBR-A300 to ASBR-A200
ASBR-A300: Accept all routes; Redistribute connected subnets; Set MED = 50
ASBR-A200: Only accept routes with RT = 777:1 or 777:2; Set next-hop = self; Set MED = 50 if RT 777:1, MED = 100 if RT 777:2
• Gateway 2 (eBGP): ASBR-B300 to ASBR-B200
ASBR-B300: Accept all routes; Redistribute connected subnets; Set MED = 100
ASBR-B200: Only accept routes with RT = 777:1 or 777:2; Set next-hop = self; Set MED = 50 if RT 777:2, MED = 100 if RT 777:1
• Path labels in the figure: Via gateway 1, Via gateway 2
Load Balancing VPNv4 Prefixes Across
the Inter-AS Paths: Goals and Specs
• Goal: load balance VPNv4 prefixes across both Inter-AS
links from AS300 to AS200.
• Note that there are two paths:
Gateway 1 (path between ASBR-A200 and ASBR-A300): only VRF
green traffic
Gateway 2 (path between ASBR-B200 & ASBR-B300): only VRF
emerald traffic
ASBR-A200: accept routes only from VRF green
ASBR-B200: accept routes only from VRF emerald
• If load balancing is required in both directions, mirror the
ASBR-A200 configuration on ASBR-A300 and the ASBR-B200 configuration on ASBR-B300
Load-balancing: VPNv4
Related Specifications
• MED is set at each gateway, depending upon the
route-target/extcommunity value on the VPNv4 route
• Route-target = 777:1
Primary: Gateway 1; prefix: MED=50
Backup: Gateway 2; MED=100
• Route-target = 777:2
Primary: Gateway 2; prefix: MED=50
Backup: Gateway 1; MED=100
• Gateways have both been configured to accept only
VPNv4 routes that have the extcommunity attribute
777:1 or 777:2
Load Balancing Across the Inter-AS
Paths: PE 200 Configuration
• The primary path for VRF pink is via ASBR-B200
• All routes in VRF pink have the route-target 777:2; ASBR-A200
will be the backup path (from perspective of the PE-300)
• The primary path for VRF red is via ASBR-A200; backup path is
via ASBR-B200
VRF   Prefix     RT            Primary               Backup
Red   20.1.1.0   200:1 777:1   ASBR-A200 (1.1.1.1)   ASBR-B200 (1.1.1.5)
Red   20.2.1.0   200:1         Denied                Denied
Pink  21.1.1.0   200:2 777:2   ASBR-B200 (1.1.1.5)   ASBR-A200 (1.1.1.1)
Pink  21.2.1.0   200:2 777:2   ASBR-B200 (1.1.1.5)   ASBR-A200 (1.1.1.1)
*should see the red routes via 1.1.1.1 and the pink routes via 1.1.1.5
Load Balancing Across the Inter-AS
Paths: PE 200 Configuration (Cont.)
ip vrf pink
rd 200:2
route-target export 200:2
! use ASBR-B200 as the primary path
route-target export 777:2
route-target import 200:2
route-target import 300:2
!
ip vrf red
rd 200:1
export map OUT-INTER-AS
route-target export 200:1
route-target import 200:1
route-target import 300:1
!
access-list 10 permit 20.1.1.0 0.0.0.255
route-map OUT-INTER-AS permit 10
match ip address 10
! use ASBR-A200 as the primary path
set extcommunity rt 777:1 additive
!
Load Balancing Across the Inter-AS
Paths: ASBR-A200 Configuration
router bgp 200
…
address-family vpnv4
neighbor 1.1.1.2 activate
neighbor 1.1.1.2 send-community extended
neighbor 1.1.1.2 route-map SETMETRIC out
neighbor 166.50.10.3 activate
neighbor 166.50.10.3 next-hop-self
neighbor 166.50.10.3 send-community extended
neighbor 166.50.10.3 route-map INTER-AS in
exit-address-family
!
…
ip extcommunity-list 10 permit rt 777:1
ip extcommunity-list 11 permit rt 777:2
!
route-map SETMETRIC permit 10
match extcommunity 10
! Metric is 100 on ASBR-B200
set metric 50
!
route-map SETMETRIC permit 11
match extcommunity 11
! Metric is 50 on ASBR-B200
set metric 100
!
! AS200 ASBRs accept VPNv4 routes that hold the extcommunity attribute 777:1 or 777:2
route-map INTER-AS permit 10
match extcommunity 10 11
Load Balancing Across the Inter-AS
Paths: PE-300 VPNv4 BGP Table
PE-300#show ip bgp vpnv4 all
BGP table version is 99, local router ID is 156.50.10.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 200:1
*>i20.1.1.0/24      1.1.1.1                 50    100      0 200 ?
* i                 1.1.1.5                100    100      0 200 ?
Route Distinguisher: 200:2
* i21.1.1.0/24      1.1.1.1                100    100      0 200 ?
*>i                 1.1.1.5                 50    100      0 200 ?
* i21.2.1.0/24      1.1.1.1                100    100      0 200 ?
*>i                 1.1.1.5                 50    100      0 200 ?
Route Distinguisher: 300:1 (default for vrf green)
*>i20.1.1.0/24      1.1.1.1                 50    100      0 200 ?   <- Via ASBR-A200
*> 30.1.1.0/24      0.0.0.0                  0         32768 ?
Route Distinguisher: 300:2 (default for vrf emerald)
*>i21.1.1.0/24      1.1.1.5                 50    100      0 200 ?   <- Via ASBR-B200
*>i21.2.1.0/24      1.1.1.5                 50    100      0 200 ?   <- Via ASBR-B200
*> 31.1.1.0/24      0.0.0.0                  0         32768 ?
Note: BGP VPNv4 table on PE-300 after the VPNv4 routes from AS 200 have been redistributed
using the new route-targets and MED values. As can be seen, the best routes have been chosen
and imported into the green and emerald VRFs using the lowest metric (MED), the next hop
being either 1.1.1.1 or 1.1.1.5.
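The policy on the preceding slides can be checked with a short model. This is an added example, not part of the original deck: it applies the RT filter and per-gateway MED values from the slides to the PE-200 routes and returns what PE-300 selects, assuming local preference and AS path are equal on both paths so that MED decides. Function and variable names are this example's own.

```python
"""Model of the slides' inter-AS policy: RT filter plus per-gateway MED (added illustration)."""

# Ordered route-map SETMETRIC clauses (first match wins): (route target, MED).
# Values are taken from the slides for ASBR-A200 and ASBR-B200; keys are their next hops.
SETMETRIC = {
    "1.1.1.1": [("777:1", 50), ("777:2", 100)],   # ASBR-A200, gateway 1
    "1.1.1.5": [("777:1", 100), ("777:2", 50)],   # ASBR-B200, gateway 2
}
ACCEPTED_RTS = {"777:1", "777:2"}                 # route-map INTER-AS on both AS 200 ASBRs

# VPNv4 routes exported by PE-200 with their route targets (from the slide table).
PE200_ROUTES = {
    "20.1.1.0/24": {"200:1", "777:1"},
    "20.2.1.0/24": {"200:1"},                     # carries no 777:x route target
    "21.1.1.0/24": {"200:2", "777:2"},
    "21.2.1.0/24": {"200:2", "777:2"},
}

# Import route targets of the VRFs on PE-300 (from the PE-300 configuration).
PE300_IMPORTS = {"green": {"300:1", "200:1"}, "emerald": {"300:2", "200:2"}}


def med_at_gateway(next_hop, rts):
    """MED the gateway advertises for a route, or None if the route is filtered."""
    if not rts & ACCEPTED_RTS:
        return None                               # dropped by INTER-AS: never reaches AS 300
    for rt, med in SETMETRIC[next_hop]:
        if rt in rts:
            return med
    return None                                   # no SETMETRIC clause matched: implicit deny


def paths_seen_by_pe300(routes=PE200_ROUTES):
    """Per prefix: list of (MED, next hop), lowest MED (best path) first."""
    table = {}
    for prefix, rts in routes.items():
        offers = [(med_at_gateway(nh, rts), nh) for nh in SETMETRIC]
        offers = sorted(o for o in offers if o[0] is not None)
        if offers:
            table[prefix] = offers
    return table


def vrf_view(vrf, routes=PE200_ROUTES):
    """Best next hop per AS 200 prefix that the given PE-300 VRF imports."""
    table = paths_seen_by_pe300(routes)
    return {p: table[p][0][1] for p in table if routes[p] & PE300_IMPORTS[vrf]}


if __name__ == "__main__":
    for prefix, offers in paths_seen_by_pe300().items():
        print(prefix, "best", offers[0], "backup", offers[1:])
    print("green:", vrf_view("green"))
    print("emerald:", vrf_view("emerald"))
```

20.2.1.0/24 carries RT 200:1, which vrf green imports, yet it never appears on PE-300: the RT filter at the AS 200 gateways is what keeps it inside AS 200.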
Configurations
• ASBR-A200
• ASBR-A300
• ASBR-B200
• ASBR-B300
• PE-200
• PE-300
Configurations: ASBR-A200
hostname ABSR-A200
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
call rsvp-sync
cns event-service server
!
interface Loopback0
ip address 166.50.10.1 255.255.255.255
!
interface ATM1/0/0
ip address 2.2.2.1 255.255.255.252
ip route-cache distributed
ip ospf network point-to-point
no atm ilmi-keepalive
pvc 1/102
broadcast
encapsulation aal5snap
!
tag-switching ip
!
interface POS1/1/0
ip address 1.1.1.1 255.255.255.252
ip route-cache distributed
clock source internal
pos ais-shut
pos report lais
pos report lrdi
!
router ospf 200
log-adjacency-changes
network 2.2.2.0 0.0.0.255 area 0
network 166.50.10.0 0.0.0.255 area 0
!
router bgp 200
no synchronization
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 1.1.1.2 remote-as 300
neighbor 166.50.10.3 remote-as 200
neighbor 166.50.10.3 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.2 activate
!
neighbor 1.1.1.2 send-community extended
neighbor 1.1.1.2 route-map SETMETRIC out
neighbor 166.50.10.3 activate
neighbor 166.50.10.3 next-hop-self
neighbor 166.50.10.3 send-community extended
neighbor 166.50.10.3 route-map INTER-AS in
exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
match ip address 1
set metric 50
!
route-map INTER-AS permit 10
match extcommunity 10
!
end
Configurations: ASBR-A300
hostname ABSR-A300
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
ip address 156.50.10.1 255.255.255.255
!
interface ATM8/0/0
ip address 3.3.3.1 255.255.255.252
ip route-cache distributed
ip ospf network point-to-point
no atm ilmi-keepalive
pvc 1/102
broadcast
encapsulation aal5snap
!
tag-switching ip
!
interface POS8/1/0
ip address 1.1.1.2 255.255.255.252
ip route-cache distributed
pos ais-shut
pos report lais
pos report lrdi
!
!
router ospf 300
log-adjacency-changes
redistribute connected subnets
network 3.3.3.0 0.0.0.3 area 0
network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
no synchronization
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 200
neighbor 156.50.10.3 remote-as 300
neighbor 156.50.10.3 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 route-map SETMETRIC out
neighbor 156.50.10.3 activate
neighbor 156.50.10.3 send-community extended
bgp scan-time 10
bgp scan-time import 10
exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
match ip address 1
set metric 50
Configurations: ASBR-B200
hostname ABSR-B200
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip cef
call rsvp-sync
cns event-service server
!
interface Loopback0
ip address 166.50.10.2 255.255.255.255
!
interface FastEthernet0/0
ip address 2.2.2.5 255.255.255.252
duplex full
tag-switching ip
!
interface ATM3/0
ip address 2.2.2.2 255.255.255.252
ip ospf network point-to-point
no atm ilmi-keepalive
pvc 1/102
broadcast
encapsulation aal5snap
!
tag-switching ip
!
interface POS4/0
ip address 1.1.1.5 255.255.255.252
no ip route-cache cef
clock source internal
!
!
interface FastEthernet6/0
ip address 10.64.37.50 255.255.255.0
duplex full
!
router ospf 200
log-adjacency-changes
network 2.2.2.0 0.0.0.255 area 0
network 166.50.10.0 0.0.0.255 area 0
!
router bgp 200
no synchronization
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 1.1.1.6 remote-as 300
neighbor 166.50.10.3 remote-as 200
neighbor 166.50.10.3 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.6 activate
neighbor 1.1.1.6 send-community extended
neighbor 1.1.1.6 route-map SETMETRIC out
neighbor 166.50.10.3 activate
neighbor 166.50.10.3 next-hop-self
neighbor 166.50.10.3 send-community extended
neighbor 166.50.10.3 route-map INTER-AS in
exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
match ip address 1
set metric 100
!
route-map INTER-AS permit 10
match extcommunity 10
!
end
Configurations: ASBR-B300
hostname ABSR-B300
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
ip cef
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
ip address 156.50.10.2 255.255.255.255
!
interface FastEthernet0/0
ip address 3.3.3.5 255.255.255.252
duplex full
tag-switching ip
!
interface ATM3/0
ip address 3.3.3.2 255.255.255.252
ip ospf network point-to-point
no atm ilmi-keepalive
pvc 1/102
broadcast
encapsulation aal5snap
!
tag-switching ip
!
interface POS4/0
ip address 1.1.1.6 255.255.255.252
no ip route-cache cef
!
router ospf 300
log-adjacency-changes
redistribute connected subnets
network 3.3.3.0 0.0.0.3 area 0
network 3.3.3.4 0.0.0.3 area 0
network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
no synchronization
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 1.1.1.5 remote-as 200
neighbor 156.50.10.3 remote-as 300
neighbor 156.50.10.3 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
neighbor 1.1.1.5 route-map SETMETRIC out
neighbor 156.50.10.3 activate
neighbor 156.50.10.3 send-community extended
bgp scan-time 10
bgp scan-time import 10
exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
match ip address 1
set metric 100
!
end
Configurations: PE-200
hostname PE-200
!
boot system disk0:c7200-js-mz.121-5c.E8.bin
!
ip subnet-zero
!
ip vrf pink
rd 200:2
route-target export 200:2
route-target export 200:777
route-target import 200:2
route-target import 300:2
!
ip vrf red
rd 200:1
export map OUT-INTER-AS
route-target export 200:1
route-target import 200:1
route-target import 300:1
ip cef
tag-switching tdp router-id Loopback0
cns event-service server
!
interface Loopback0
ip address 166.50.10.3 255.255.255.255
!
interface Loopback10
ip vrf forwarding red
ip address 20.1.1.1 255.255.255.0
!
interface Loopback11
ip vrf forwarding pink
ip address 21.1.1.1 255.255.255.0
!
interface FastEthernet4/0
ip address 2.2.2.6 255.255.255.252
no ip route-cache cef
duplex full
tag-switching ip
!
router ospf 200
log-adjacency-changes
network 2.2.2.0 0.0.0.255 area 0
network 166.50.10.0 0.0.0.255 area 0
router bgp 200
no synchronization
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 166.50.10.1 remote-as 200
neighbor 166.50.10.1 update-source Loopback0
neighbor 166.50.10.2 remote-as 200
neighbor 166.50.10.2 update-source Loopback0
default-information originate
!
address-family ipv4 vrf red
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf pink
redistribute connected
redistribute static
default-information originate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 166.50.10.1 activate
neighbor 166.50.10.1 send-community extended
neighbor 166.50.10.2 activate
neighbor 166.50.10.2 send-community extended
default-information originate
exit-address-family
!
ip classless
ip route vrf red 20.2.1.0 255.255.255.0 Loopback10 20.1.1.2
ip route vrf pink 21.2.1.0 255.255.255.0 Loopback11 21.1.1.2
no ip http server
!
access-list 10 permit 20.1.1.0 0.0.0.255
route-map OUT-INTER-AS permit 10
match ip address 10
set extcommunity rt 200:777 additive
!
end
Configurations: PE-300
hostname PE-300
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip vrf emerald
rd 300:2
route-target export 300:2
route-target import 300:2
route-target import 200:2
!
ip vrf green
rd 300:1
route-target export 300:1
route-target import 300:1
route-target import 200:1
ip cef
tag-switching tag-range downstream 160 1000 0
cns event-service server
!
interface Loopback0
ip address 156.50.10.3 255.255.255.255
!
interface Loopback10
ip vrf forwarding green
ip address 30.1.1.1 255.255.255.0
!
interface Loopback11
ip vrf forwarding emerald
ip address 31.1.1.1 255.255.255.0
!
interface ATM1/0
no ip address
no ip route-cache cef
no atm ilmi-keepalive
!
interface FastEthernet4/0
ip address 3.3.3.6 255.255.255.252
duplex full
tag-switching ip
!
router ospf 300
log-adjacency-changes
network 3.3.3.4 0.0.0.3 area 0
network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
no synchronization
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 156.50.10.1 remote-as 300
neighbor 156.50.10.1 update-source Loopback0
neighbor 156.50.10.2 remote-as 300
neighbor 156.50.10.2 update-source Loopback0
!
address-family ipv4 vrf green
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf emerald
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 156.50.10.1 activate
neighbor 156.50.10.1 send-community extended
neighbor 156.50.10.2 activate
neighbor 156.50.10.2 send-community extended
bgp scan-time 15
bgp scan-time import 10
exit-address-family
!
ip classless
no ip http server
!
tftp-server disk0:c7200-js-mz.121-5c.E8.bin
!
end
INTER-AS SUMMARY
Inter-AS Summary
• Service Providers have deployed Inter-AS for:
Scalability purposes
Partitioning the network based on services or management boundaries
• Some contract work is in progress amongst Service Providers to
establish partnership and offer end-end VPN services to the
common customer base
• Service Provider networks are completely separate
Do not need to exchange internal prefix or label information
• Each Service Provider establishes a direct MP-eBGP session
with the others to exchange VPN-IPv4 addresses with labels
• /32 route to reach the ASBR is created by default so ASBRs can
communicate without a need for IGP
Must be redistributed in the receiving Service Provider’s IGP
Inter-AS Summary (Cont.)
• IGP or LDP across ASBR links is not required
Labels are already assigned to the routes when exchanged via MP-eBGP
Interface used to establish MP-eBGP session does not need to be
associated with a VRF
• Direct eBGP routes and labels can be exchanged.
• Next-hop-self can be turned on at the ASBRs, enabling the
ASBR to use its own address for next-hop
• Using next-hop-self requires an additional entry in
the TFIB for each VPNv4 route (about 180 bytes)
• If the Service Provider wishes to hide the Inter-AS link,
use the next-hop-self method; otherwise use the
redistribute connected subnets method
Inter-AS Summary (Cont.)
• Multi-hop MP-eBGP sessions can be passed between
Service Providers without conversions to VPNv4 routes
• Configuration of VRFs is not required on the ASBRs
because bgp default route-target filter (automatic route
filtering feature) has been disabled
• To conserve memory on both sides of the boundary and
implement a simple form of security, always configure
inbound route-maps that accept only the routes that need to be
passed to the other AS
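One way to check the inbound route-map recommendation above against the case-study routers, as an added example that is not part of the original slides: a small Python audit that reads excerpts of the ASBR-A200 and ASBR-A300 configurations from this deck and reports, per VPNv4 neighbor, whether an inbound route-map matching on route target is applied. The function names are this example's own, and it assumes IOS-style lines as printed on the slides.

```python
import re

# Excerpts of the ASBR-A200 and ASBR-A300 configurations shown in this deck.
ASBR_A200 = """\
router bgp 200
no bgp default route-target filter
neighbor 1.1.1.2 remote-as 300
neighbor 166.50.10.3 remote-as 200
address-family vpnv4
neighbor 1.1.1.2 activate
neighbor 1.1.1.2 route-map SETMETRIC out
neighbor 166.50.10.3 activate
neighbor 166.50.10.3 next-hop-self
neighbor 166.50.10.3 route-map INTER-AS in
exit-address-family
ip extcommunity-list 10 permit rt 200:777
route-map SETMETRIC permit 10
match ip address 1
set metric 50
route-map INTER-AS permit 10
match extcommunity 10
"""
ASBR_A300 = """\
router bgp 300
no bgp default route-target filter
neighbor 1.1.1.1 remote-as 200
neighbor 156.50.10.3 remote-as 300
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 route-map SETMETRIC out
neighbor 156.50.10.3 activate
exit-address-family
route-map SETMETRIC permit 10
match ip address 1
set metric 50
"""


def inbound_vpnv4_policy(config):
    """Map each activated VPNv4 neighbor to (session type, inbound policy)."""
    local_as, remote_as, active, inbound = None, {}, [], {}
    rt_maps, current_map, in_vpnv4 = set(), None, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\d+)", line):
            local_as = m.group(1)
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            remote_as[m.group(1)] = m.group(2)
        elif line.startswith("address-family"):
            in_vpnv4 = line == "address-family vpnv4"
        elif line == "exit-address-family":
            in_vpnv4 = False
        elif in_vpnv4 and (m := re.fullmatch(r"neighbor (\S+) activate", line)):
            active.append(m.group(1))
        elif in_vpnv4 and (m := re.fullmatch(r"neighbor (\S+) route-map (\S+) in", line)):
            inbound[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"route-map (\S+) (?:permit|deny) \d+", line):
            current_map = m.group(1)
        elif current_map and line.startswith("match extcommunity "):
            rt_maps.add(current_map)      # this route-map filters on route target
    report = {}
    for peer in active:
        kind = "iBGP" if remote_as.get(peer) == local_as else "eBGP"
        name = inbound.get(peer)
        if name is None:
            policy = "accept all"
        elif name in rt_maps:
            policy = f"RT filter {name}"
        else:
            policy = f"route-map {name} without RT match"
        report[peer] = (kind, policy)
    return report


def unfiltered_peers(config):
    """Neighbors whose VPNv4 routes are accepted without any route-target check."""
    return [p for p, (_, pol) in inbound_vpnv4_policy(config).items() if pol == "accept all"]


if __name__ == "__main__":
    for name, cfg in (("ASBR-A200", ASBR_A200), ("ASBR-A300", ASBR_A300)):
        for peer, (kind, policy) in inbound_vpnv4_policy(cfg).items():
            print(f"{name}: {kind} peer {peer}: {policy}")
```

On these excerpts, ASBR-A200 filters by route target what it takes from PE-200 but accepts everything from its eBGP peer, and ASBR-A300 filters nothing inbound, which matches the "Accept all routes" label on the topology slide.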